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DETAILED ACTION 



1 . The text of those sections of Title 35,U.S.Code not included in this section 
can be found in the prior office action. 

2. The prior office actions are incorporated herein by reference. In particular, 
the observations with respect to claim language, and response to 
previously presented arguments. 

3. Claims 1 and 68-87 have been withdrawn. Examiner suggests the 
cancellation of the claims 1 and 68-87 by Applicant in Applicant's 
response to this office action in order to clarify the final status of the 
claims. 

4. Claim 2 has been amended. 

5. Claims 2-67 are pending. 

6. Examiner withdraws objection to the drawings and specification due to 
correction by the applicant. 

7. Examiner withdraws rejection the double patenting rejections of claims 2- 
67 due to Approval of Applicant's Terminal Disclaimer filing on 05/23/2005 
with respect to U.S. Patent No. 6,820,199; 6,789,189 and 6,820,202 & 
Applicant's persuasive arguments with respect to application number 
10/248, 623. 

Response to Arguments 

8. In response to applicant's arguments, the recitation "operating by a third 
party a database for accounts, wherein information pertaining to each 
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account is retrievable from the database based on a unique identifier for 
that account" has not been given patentable weight because the recitation 
occurs in the preamble. A preamble is generally not accorded any 
patentable weight where it merely recites the purpose of a process or the 
intended use of a structure, and where the body of the claim does not 
depend on the preamble for completeness but, instead, the process steps 
or structural limitations are able to stand alone. See In re Hirao, 535 
F.2d 67, 190 USPQ 15 (CCPA 1976) and Kropa v. Robie, 187 F.2d 150, 
152, 88 USPQ 478, 481 (CCPA 1951). 

9. As per Applicant's arguments with respect to the location of the database, 
Examiner considers the location of the database as irrelevant since it is 
only a design choice where one can consider a system or node within a 
network as client or server or a node and where they can further be called 
any names one desire them to be. Having a database in a third party 
device does not distinguish the claimed apparatus, method and system 
from the prior art if prior art has the capability to do so perform (See MPEP 
2114 and Ex Parte Masham, 2 USPQ2d 1647 (1987)). The prior art is 
replete with references disclosing database used to store information 
(sensitive, encrypted or otherwise normal data). Further more col. 3, lines 
38-41 of Elgamal disclose the system may be three, four or more-way 
communication protocol. 

10. with respect to association of public key with a device regardless if we call 
it first or second or third party is similar to 10 above and therefore please 
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see MPEP 21 14 and Ex Parte Masham, 2 USPQ2d 1647 (1987). Further 
more col.3 t lines 38-41 of Elgamal disclose the system may be three, four 
or more-way communication protocol. 
1 1 .Applicant's arguments with respect to the added limitation "without the 
need for a digital certificate" into claim 2 has been considered but are 
moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 102 

12. Claims 2-21, 23, 24-29-33 and 38 are rejected under 35 U.S.C. 102(b) as 
being anticipated by Elgamal (5,671,279). 

As per claims 2, 8 and 9 Elgamal (5,671 ,279) teach a method of operating by a 
third party (see col. 6, line 67 and col. 7, line 1) a database for accounts, 
information pertaining to each account being retrievable from the database based 
on a unique identifier for that account (see col. 6, lines 56-58), comprising the 
steps of: 

(a) first associating by the third party a public key of a respective 
public-private key pair with each unique account identifier (see col. 
6, lines 56-58 and 66; col. 7, lines 1 and 52-56 and col. 10, lines 
20-23), and thereafter 

(b) performing entity authentication by the third party with respect to 
an electronic communication that is received by the third party (see col. 4, 
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lines 41-44 and col. 5, lines 1-6) and that includes both a unique account 
identifier and a digital signature for a message regarding the account 
associated with the unique account identifier (see col. 5, lines 20-31 and 
col. 6, lines 56-58 and 34-40) , the entity authentication consisting of 
solely conducting message authentication only using the digital signature 
received in each electronic communication (see col. 6, lines 37-38) and 
the public key associated with the unique account identifier accompanying 
the digital signature (see col. 34-37), and without the need for a digital 
certificate (see col. 5, lines 1-6 where it disclose authenticating messages 
using digital signature; lines 6-23 disclose authenticating the digital 
signature and the association of the public key and the digital certificate 
that corresponds to the public key for checking the integrity of the 
message, however col. 7, lines 8-13 disclose the authenticity of the receipt 
using digital signature and examiner considers such receipt as a message 
and therefore the message authentication could be done by signature 
authentication). Also see col .4-36 for detail with respect to claims 8 and 9. 

As per claim 3-4 Elgamal (5,671,279) teach the method of claim 2, wherein the 
third party is an account authority and financial institution (see col. 3, lines 31-33 
and col. 6, lines 55-57). 



Application/Control Number: 09/923,179 Page 6 

Art Unit: 2132 

As per claim 5 Elgamal (5,671,279) teach the method of claim 3, wherein one of 
the public keys associated with an account is obtained from an account holder for 
that account (see col. 5, lines 9-12). 

As per claims 6-7 and 24 Elgamal (5,671,279) teach the method of claim 3, 
wherein a public key associated with an account is obtained from a manufacturer 
of a device/ a distributor of a device that generates digital signatures using the 
corresponding private key (see col. 6, lines 34-36 and 41-53 where the key is an 
electronic key). 

As per claim 10 Elgamal (5,671 ,279) teach the method of claim 2, wherein the 
information includes an account number (see col. 6, line 3). 

As per claim 11-12 Examiner takes official notice that checking on current 
balance and available credit during authorization process of a purchase is well 
known in the art. 

As per claims 13 Elgamal (5,671 ,279) teach the method of claim 2, wherein the 
information includes a list of associated to accounts (see col. 6, lines 4-6). 

As per claim 14 Elgamal (5,671,279) teach the method of claim 2, wherein the 
information includes a name of an account holder (see col. 6, lines 4-8). 
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As per claim 15 Elgamal (5,671 ,279) teach the method of claim 2, wherein the 
information includes an address of an account holder (see col. 6, line 4). 

As per claims 16-17 Elgamal (5,671,279) teach the method of claim 2, wherein 
the information includes a social security number and a tax identification number 
of an account holder (see col. 5, line 27). 

As per claim 18, 37 and 38 Elgamal (5,671,279) teach the method of claim 2 f 
wherein the information regards a device containing a private key corresponding 
to the public key (see col. 5, lines 8-9). 

As per claim 19 Elgamal (5,671,279) teach the method of claim 2, wherein the 
information includes security features of a device (see col. 4, lines 12-16). 

As per claim 20 Elgamal (5,671 ,279) teach the method of claim 2, wherein a 
digital signature is generated within a device (see fig. 1 ; col. 3, lines 66-67 and 
col. 4, lines 1-32) where each device (merchant, customer and financial 
institution or third party create their digital signature). 

As per claims 21, 23 and 29-33 Elgamal (5,671 ,279) teach the method of claim 
20, wherein the device comprises a personal computer (see col. 3, line 54), credit 
card and debit card and other IC type chips used in the other type of devices 
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such as PDA, ID badge, security cards, and other smart cards (see col. 3, line 
59). 

Claim Rejections - 35 USC § 103 

13. Claims 2-33 and 37-67 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Lewis (6,21 3,391 B1 ) in view of Eldridge et al 
(6,061,799 A). 

As per claims 2-33 and 37-67 Lewis (6,213,391 B1) teach a method of 
managing an account in a database, comprising the steps of: 
recording information pertaining to each of the accounts in the database of an 
account authority (see abstract; col. 3, lines 36-67; col .4, lines 1-13); and 
assigning a respective unique identifier to each account such that information 
pertaining to each respective account is retrievable from the database based on 
its unique identifier (see col.3, lines 36-67; col.4 f lines 1-13 and 26-39 where the 
unique identifier is biometric or other unique information of the users and it is 
retrievable based on that unique identifier). Lewis also teach that such unique 
identifier may be used to access number of user's accounts in line 13-19 of col .4 
where one code is used to access multiple accounts of a user. Lewis (6,213,391 
B1 ) also teach wherein a unique identifier comprises unique characteristics of the 
user such as biometric information, identification profile that could be numeric, 
alphanumeric, or other digital representation of the user's unique biometric or 
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digital signature profile in col.3, lines 36-67 and col.4, lines 1-2 and therefore 
Lewis teach information that is account number, current balance, available credit, 
associated accounts, name, address, tax identification, all numeric or 
alphanumeric or other digital representation of the user's unique identification but 
do not disclose associating the same public key of a public-private key pair with a 
plurality of unique identifier; a device possessing the private key used to 
generate a digital signature of an electronic message; information includes 
security characteristics of a device possessing the private key used to generate a 
digital signature of an electronic message; the step of associating a public key 
with a unique identifier comprises recording the public key with the information 
retrievable based on the unique identifier; and electronic message includes no 
account-identifying information other than a unique identifier of an account. 
However Eldridge et al (6,061,799 A) teach association of unique identifier with 
public-private key as shown in fig.3a and a device possessing the private key 
used to generate a digital signature of an electronic message; information 
includes security characteristics of a device possessing the private key used to 
generate a digital signature of an electronic message; the step of associating a 
public key with a unique identifier comprises recording the public key with the 
information retrievable based on the unique identifier; and electronic message 
includes no account-identifying information other than a unique identifier (see 
fig.3a; col. 5, lines 4-9 where at least one record includes account information 
such as client id file and client unique identifier such as password; see fig.3a 
where stored client file includes public-private key and public key identifier of the 
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client; also see col. 5, lines 35-55; see col .5, lines 56-67; col. 6, lines 1-26 where 
the digital signature such as DDS may be employed as an option in encryption 
process and transmission of encrypted message; and col.6, lines 52-67; col .7, 
lines 1-14; see col.7, lines 18-48 and col. 10, lines 23-52 and fig.2; col.3, lines 48- 
67; col .4, lines 1-14; col .6, lines 12-19; and where the fig.2 also clearly shown 
more than one server process or a third party that also represent the above 
limitations). Therefore Eldridge teach the unique id correspondence to public- 
private key to a device or a third party device and on the other hand Lewis teach 
how using the same unique id corresponds to number of accounts of a user. It 
would have been obvious to one of ordinary skilled in the art at the time the 
invention was made to utilize Eldridge's public-private key link to the unique 
identifier in Lewis personal identification system that is based on distinctive 
characteristics of the user in order to retrieve the same public key that 
corresponds to unique identifier from the database in order to generate encrypted 
data, digital signature in a secure manner. It would have been obvious also to 
one of ordinary skilled in the art to utilize the above method in well known 
portable devices such as PDA, smart cards such as credit cards and debit cards, 
dangle, touch screen portable PDA or other portable devices including jewelry in 
order to communicate wirelessly between the portable device and a host to 
implement the above method as being disclosed by Lewis (6,213,391 B1) in view 
of Eldridge et al (6,061 ,799 A) retrieve the same public key that corresponds to 
unique identifier from the database in order to generate encrypted data, digital 
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signature in a secure manner. Also see the entire patents for detailed description 
of the above limitations. 



Allowable Subject Matter 

14. Claims 34-36 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all 
of the limitations of the base claim and any intervening claims. 



Conclusion 

15. Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE 
FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of 
time policy as set forth in 37 CFR 1 .136(a). 
A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed 
within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1 .136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 
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16. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Kambiz Zand whose telephone 
number is (571 ) 272-381 1 . The examiner can normally reached on 
Monday-Thursday (8:00-5:00). If attempts to reach the examiner by 
telephone are unsuccessful, the examiner's supervisor, Gilberto Barron 
can be reached on (571 ) 272-3799. The fax phone numbers for the 
organization where this application or proceeding is assigned as (571) 
273-8300. Information regarding the status of an application may be 
obtained from the Patent Application Information Retrieval (PAIR) system. 
Status information for published applications may be obtained from either 
Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information 
about the PAIR system, see http://pair-direct.uspto.gov. Should you have 
questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




Kambiz Zand 



08/01/2005 



